//
// WSHttpBinding.cs
//
// Author:
//	Atsushi Enomoto <atsushi@ximian.com>
//
// Copyright (C) 2005-2006 Novell, Inc.  http://www.novell.com
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;

namespace System.ServiceModel
{
	public class WSHttpBinding : WSHttpBindingBase
	{
		WSHttpSecurity security;
		bool allow_cookies;

		public WSHttpBinding ()
			: this (SecurityMode.Message)
		{
		}

		public WSHttpBinding (SecurityMode mode)
			: this (mode, false)
		{
		}

		public WSHttpBinding (SecurityMode mode,
			bool reliableSessionEnabled)
			: base (reliableSessionEnabled)
		{
			security = new WSHttpSecurity (mode);
		}

		[MonoTODO]
		public WSHttpBinding (string configurationName)
		{
			throw new NotImplementedException ();
		}

		[MonoTODO]
		public bool AllowCookies {
			get { return allow_cookies; }
			set { allow_cookies = value; }
		}

		[MonoTODO]
		public WSHttpSecurity Security {
			get { return security; }
		}

		[MonoTODO]
        	public override BindingElementCollection CreateBindingElements ()
		{
			BindingElementCollection bc = base.CreateBindingElements ();
			// message security element is returned only when
			// it is enabled (while CreateMessageSecurity() still
			// returns non-null instance).
			switch (Security.Mode) {
			case SecurityMode.None:
			case SecurityMode.Transport:
				bc.RemoveAll<SecurityBindingElement> ();
				break;
			}
			return bc;
		}

		[MonoTODO]
		protected override SecurityBindingElement CreateMessageSecurity ()
		{
			if (Security.Mode == SecurityMode.Transport ||
			    Security.Mode == SecurityMode.None)
				return null;

			SymmetricSecurityBindingElement element =
				new SymmetricSecurityBindingElement ();

			element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10;
			element.RequireSignatureConfirmation = true;

			switch (Security.Message.ClientCredentialType) {
			case MessageCredentialType.Certificate:
				X509SecurityTokenParameters p =
					new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint);
				p.RequireDerivedKeys = false;
				element.EndpointSupportingTokenParameters.Endorsing.Add (p);
				goto default;
			case MessageCredentialType.IssuedToken:
				IssuedSecurityTokenParameters istp =
					new IssuedSecurityTokenParameters ();
				// FIXME: issuer binding must be secure.
				istp.IssuerBinding = new CustomBinding (
					new TextMessageEncodingBindingElement (),
					GetTransport ());
				element.EndpointSupportingTokenParameters.Endorsing.Add (istp);
				goto default;
			case MessageCredentialType.UserName:
				element.EndpointSupportingTokenParameters.SignedEncrypted.Add (
					new UserNameSecurityTokenParameters ());
				element.RequireSignatureConfirmation = false;
				goto default;
			case MessageCredentialType.Windows:
				if (Security.Message.NegotiateServiceCredential) {
					// No SSPI on Linux though...
					element.ProtectionTokenParameters =
						// FIXME: fill proper parameters
						new SspiSecurityTokenParameters ();
				} else {
					// and no Kerberos ...
					element.ProtectionTokenParameters =
						new KerberosSecurityTokenParameters ();
				}
				break;
			default: // including .None
				if (Security.Message.NegotiateServiceCredential) {
					element.ProtectionTokenParameters =
						// FIXME: fill proper parameters
						new SslSecurityTokenParameters (false, true);
				} else {
					element.ProtectionTokenParameters =
						new X509SecurityTokenParameters (X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never);
					element.ProtectionTokenParameters.RequireDerivedKeys = true;
				}
				break;
			}

			if (!Security.Message.EstablishSecurityContext)
				return element;

			// SecureConversation enabled

			ChannelProtectionRequirements reqs =
				new ChannelProtectionRequirements ();
			// FIXME: fill the reqs

			return SecurityBindingElement.CreateSecureConversationBindingElement (
				// FIXME: requireCancellation
				element, true, reqs);
		}

		[MonoTODO]
		protected override TransportBindingElement GetTransport ()
		{
			switch (Security.Mode) {
			case SecurityMode.Transport:
			case SecurityMode.TransportWithMessageCredential:
				return new HttpsTransportBindingElement ();
			default:
				return new HttpTransportBindingElement ();
			}
		}
	}
}